reorganized api, added token validation
regrouped api calls for better organization and to add a bit more security. it now checks to make sure the incoming token matches the current session to authorize requests
This commit is contained in:
parent
ac543f3856
commit
4113418c83
4 changed files with 56 additions and 21 deletions
|
@ -70,5 +70,6 @@ class Kernel extends HttpKernel
|
|||
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
|
||||
'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
|
||||
'member.check' => \App\Http\Middleware\MemberCheck::class,
|
||||
'validate.token' => \App\Http\Middleware\ValidateAPIToken::class,
|
||||
];
|
||||
}
|
||||
|
|
29
app/Http/Middleware/ValidateAPIToken.php
Normal file
29
app/Http/Middleware/ValidateAPIToken.php
Normal file
|
@ -0,0 +1,29 @@
|
|||
<?php
|
||||
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Http\Request;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
|
||||
class ValidateAPIToken
|
||||
{
|
||||
/**
|
||||
* Handle an incoming request.
|
||||
*
|
||||
* @param \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response) $next
|
||||
*/
|
||||
public function handle(Request $request, Closure $next): Response
|
||||
{
|
||||
$token = $request->header('fipamo-access-token');
|
||||
if ($token == session('token')) {
|
||||
return $next($request);
|
||||
} else {
|
||||
$response = [
|
||||
'message' => "API Auth Fail",
|
||||
'type' => 'postError',
|
||||
];
|
||||
return response()->json($response)->header('Content-Type', 'application/json');
|
||||
}
|
||||
}
|
||||
}
|
|
@ -155,10 +155,7 @@ export default class PostEditor {
|
|||
) {
|
||||
notify.alert(r.message, false);
|
||||
} else {
|
||||
if (
|
||||
r.type === DataEvent.PAGE_UPDATED ||
|
||||
r.type === DataEvent.API_TESTING
|
||||
) {
|
||||
if (r.type === DataEvent.PAGE_UPDATED) {
|
||||
notify.alert(r.message, true);
|
||||
} else {
|
||||
notify.alert(r.message, true);
|
||||
|
|
|
@ -21,24 +21,32 @@ use App\Http\Controllers\API\MailAPIController;
|
|||
|
||||
//check if session is active
|
||||
Route::get("/v1/status", [AuthAPIController::class, 'status']);
|
||||
|
||||
//handle page editing actions
|
||||
Route::put("/v1/page/write", [PageAPIController::class, 'write']);
|
||||
Route::post("/v1/page/create", [PageAPIController::class, 'create']);
|
||||
Route::delete("/v1/page/delete", [PageAPIController::class, 'delete']);
|
||||
Route::group(['prefix' => '/v1/page', 'middleware' => 'validate.token'], function () {
|
||||
Route::put("/write", [PageAPIController::class, 'write']);
|
||||
Route::post("/create", [PageAPIController::class, 'create']);
|
||||
Route::delete("/delete", [PageAPIController::class, 'delete']);
|
||||
});
|
||||
|
||||
//handle file uploads
|
||||
Route::post("/v1/files", [FileUploadAPIController::class, 'upload']);
|
||||
//settings
|
||||
Route::put("/v1/settings/publish", [SettingsAPIController::class, 'publish']);
|
||||
Route::put("/v1/settings/sync", [SettingsAPIController::class, 'sync']);
|
||||
Route::put("/v1/settings/nav-sync", [SettingsAPIController::class, 'navSync']);
|
||||
Route::put("/v1/backup/create", [SettingsAPIController::class, 'createBackup']);
|
||||
Route::get("/v1/backup/content-download", [SettingsAPIController::class, 'downloadBackup']);
|
||||
Route::get("/v1/backup/files-download", [SettingsAPIController::class, 'downloadBackup']);
|
||||
//init
|
||||
Route::post("/v1/init", [InitAPIController::class, 'setupFresh']);
|
||||
Route::post("/v1/restore", [InitAPIController::class, 'setupRestore']);
|
||||
Route::post("/v1/reset", [InitAPIController::class, 'setupReset']);
|
||||
Route::group(['prefix' => '/v1/settings', 'middleware' => 'validate.token'], function () {
|
||||
Route::put("/publish", [SettingsAPIController::class, 'publish']);
|
||||
Route::put("/sync", [SettingsAPIController::class, 'sync']);
|
||||
Route::put("/nav-sync", [SettingsAPIController::class, 'navSync']);
|
||||
});
|
||||
//backups
|
||||
Route::group(['prefix' => '/v1/backup', 'middleware' => 'validate.token'], function () {
|
||||
Route::put("/create", [SettingsAPIController::class, 'createBackup']);
|
||||
Route::get("/content-download", [SettingsAPIController::class, 'downloadBackup']);
|
||||
Route::get("/files-download", [SettingsAPIController::class, 'downloadBackup']);
|
||||
});
|
||||
|
||||
//mail
|
||||
Route::post("/v1/mailer", [MailAPIController::class, 'sendNotify']);
|
||||
//other
|
||||
Route::group(['prefix' => '/v1', 'middleware' => 'validate.token'], function () {
|
||||
Route::post("/files", [FileUploadAPIController::class, 'upload']);
|
||||
Route::post("/init", [InitAPIController::class, 'setupFresh']);
|
||||
Route::post("/restore", [InitAPIController::class, 'setupRestore']);
|
||||
Route::post("/reset", [InitAPIController::class, 'setupReset']);
|
||||
Route::post("/mailer", [MailAPIController::class, 'sendNotify']);
|
||||
});
|
||||
|
|
Loading…
Reference in a new issue